From f12eaffc7608ae824061277d8a5d40bd8174676f Mon Sep 17 00:00:00 2001 From: Mike Nisbet Date: Tue, 27 Feb 2024 20:30:02 +0000 Subject: [PATCH] Upload Zapbox build to the App Store (#629) * gemfile * Cert generation actions * lint, fastfile * manually kick off * restore * new fast/appfile * amend ci * only on main builds * address some changes * Use a sparse checkout in the release job --------- Co-authored-by: Mike Miller --- .github/workflows/build.yml | 48 ++++++ .github/workflows/generate_certs.yml | 37 +++++ .github/workflows/ios_setup.yml | 26 +++ Gemfile | 3 + Gemfile.lock | 228 +++++++++++++++++++++++++++ fastlane/Appfile | 9 ++ fastlane/Fastfile | 82 ++++++++++ 7 files changed, 433 insertions(+) create mode 100644 .github/workflows/generate_certs.yml create mode 100644 .github/workflows/ios_setup.yml create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 fastlane/Appfile create mode 100644 fastlane/Fastfile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1bdcd371e3..79daf4b64f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1173,3 +1173,51 @@ jobs: # For Pico, Beta channels can only get one build, not a separate China / non-China build ./pico-cli upload-build --app-id $PICO_APP_ID --app-secret $PICO_APP_SECRET --region noncn --apk OpenBrush_Pico_$VERSION.apk --channel 3 --notes-en "Version $VERSION" --device 'PICO Neo3,PICO Neo3 Pro,PICO Neo3 Eye,PICO 4' fi + + publish_ios_appstore: + name: Release to iOS App Store + needs: [configuration, build] + runs-on: macos-latest + if: | + github.event_name == 'push' && + github.repository == 'icosa-foundation/open-brush' && + (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + sparse-checkout: | + Gemfile + Gemfile.lock + fastlane + + - name: Download iOS Artifact + uses: actions/download-artifact@v4 + with: + name: iOS Zapbox + path: build/iOS + + - name: Fix File Permissions and Run fastlane + env: + APPLE_CONNECT_EMAIL: ${{ secrets.APPLE_CONNECT_EMAIL }} + APPLE_DEVELOPER_EMAIL: ${{ secrets.APPLE_DEVELOPER_EMAIL }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + + MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }} + MATCH_DEPLOY_KEY: ${{ secrets.MATCH_DEPLOY_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + + APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }} + APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }} + APPSTORE_P8: ${{ secrets.APPSTORE_P8 }} + + IOS_BUILD_PATH: ${{ format('{0}/build/iOS', github.workspace) }} + IOS_BUNDLE_ID: foundation.icosa.openbrushzapbox + PROJECT_NAME: Open Brush for Zapbox + run: | + eval "$(ssh-agent -s)" + ssh-add - <<< "${MATCH_DEPLOY_KEY}" + find $IOS_BUILD_PATH -type f -name "**.sh" -exec chmod +x {} \; + bundle install + bundle exec fastlane ios release diff --git a/.github/workflows/generate_certs.yml b/.github/workflows/generate_certs.yml new file mode 100644 index 0000000000..b75c92152d --- /dev/null +++ b/.github/workflows/generate_certs.yml @@ -0,0 +1,37 @@ +name: Generate iOS Certs + +on: + workflow_run: + workflows: ['iOS One-Time Setup'] + types: + - completed + workflow_dispatch: + +jobs: + generate_certs: + runs-on: macos-latest + steps: + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.2 + bundler-cache: true + + - name: Build iOS + shell: bash + run: | + eval "$(ssh-agent -s)" + ssh-add - <<< "${MATCH_DEPLOY_KEY}" + bundle exec fastlane ios sync_certificates + env: + APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }} + APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }} + APPSTORE_P8: ${{ secrets.APPSTORE_P8 }} + + IOS_BUNDLE_ID: ${{ secrets.IOS_BUNDLE_ID }} + + GH_PAT: ${{ secrets.GH_PAT }} + GITHUB_REPOSITORY: ${{ env.GITHUB_REPOSITORY }} + MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }} + MATCH_DEPLOY_KEY: ${{ secrets.MATCH_DEPLOY_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} diff --git a/.github/workflows/ios_setup.yml b/.github/workflows/ios_setup.yml new file mode 100644 index 0000000000..d3ff9c7333 --- /dev/null +++ b/.github/workflows/ios_setup.yml @@ -0,0 +1,26 @@ +name: iOS One-Time Setup + +on: workflow_dispatch + +jobs: + setup: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.2 + bundler-cache: true + + - name: Build iOS + shell: bash + run: | + bundle exec fastlane ios init_ci + env: + APPSTORE_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }} + APPSTORE_KEY_ID: ${{ secrets.APPSTORE_KEY_ID }} + APPSTORE_P8: ${{ secrets.APPSTORE_P8 }} + + GH_PAT: ${{ secrets.GH_PAT }} + GITHUB_REPOSITORY: ${{ env.GITHUB_REPOSITORY }} + MATCH_REPOSITORY: ${{ secrets.MATCH_REPOSITORY }} diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000000..5224bd7e00 --- /dev/null +++ b/Gemfile @@ -0,0 +1,3 @@ +source "https://rubygems.org" +gem "fastlane" +gem 'fastlane-plugin-github_action', git: "https://github.com/joshdholtz/fastlane-plugin-github_action" # The published gem is missing necessary changes, so we need to link directly to the git repo diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000000..a308724a23 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,228 @@ +GIT + remote: https://github.com/joshdholtz/fastlane-plugin-github_action + revision: 5cfdcb334fdf603409e94b09b6b10ab472f2ea35 + specs: + fastlane-plugin-github_action (1.1.0) + dotenv + fastlane (>= 2.148.1) + rbnacl + sshkey + +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (3.0.6) + rexml + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) + artifactory (3.0.15) + atomos (0.1.3) + aws-eventstream (1.3.0) + aws-partitions (1.889.0) + aws-sdk-core (3.191.1) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.8) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.77.0) + aws-sdk-core (~> 3, >= 3.191.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.143.0) + aws-sdk-core (~> 3, >= 3.191.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.8) + aws-sigv4 (1.8.0) + aws-eventstream (~> 1, >= 1.0.2) + babosa (1.0.4) + claide (1.1.0) + colored (1.2) + colored2 (3.1.2) + commander (4.6.0) + highline (~> 2.0.0) + declarative (0.0.20) + digest-crc (0.6.5) + rake (>= 12.0.0, < 14.0.0) + domain_name (0.6.20240107) + dotenv (2.8.1) + emoji_regex (3.2.3) + excon (0.109.0) + faraday (1.10.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-cookie_jar (0.0.7) + faraday (>= 0.8.0) + http-cookie (~> 1.0.0) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.4) + multipart-post (~> 2) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + faraday_middleware (1.2.0) + faraday (~> 1.0) + fastimage (2.3.0) + fastlane (2.219.0) + CFPropertyList (>= 2.3, < 4.0.0) + addressable (>= 2.8, < 3.0.0) + artifactory (~> 3.0) + aws-sdk-s3 (~> 1.0) + babosa (>= 1.0.3, < 2.0.0) + bundler (>= 1.12.0, < 3.0.0) + colored + commander (~> 4.6) + dotenv (>= 2.1.1, < 3.0.0) + emoji_regex (>= 0.1, < 4.0) + excon (>= 0.71.0, < 1.0.0) + faraday (~> 1.0) + faraday-cookie_jar (~> 0.0.6) + faraday_middleware (~> 1.0) + fastimage (>= 2.1.0, < 3.0.0) + gh_inspector (>= 1.1.2, < 2.0.0) + google-apis-androidpublisher_v3 (~> 0.3) + google-apis-playcustomapp_v1 (~> 0.1) + google-cloud-env (>= 1.6.0, < 2.0.0) + google-cloud-storage (~> 1.31) + highline (~> 2.0) + http-cookie (~> 1.0.5) + json (< 3.0.0) + jwt (>= 2.1.0, < 3) + mini_magick (>= 4.9.4, < 5.0.0) + multipart-post (>= 2.0.0, < 3.0.0) + naturally (~> 2.2) + optparse (>= 0.1.1) + plist (>= 3.1.0, < 4.0.0) + rubyzip (>= 2.0.0, < 3.0.0) + security (= 0.1.3) + simctl (~> 1.6.3) + terminal-notifier (>= 2.0.0, < 3.0.0) + terminal-table (~> 3) + tty-screen (>= 0.6.3, < 1.0.0) + tty-spinner (>= 0.8.0, < 1.0.0) + word_wrap (~> 1.0.0) + xcodeproj (>= 1.13.0, < 2.0.0) + xcpretty (~> 0.3.0) + xcpretty-travis-formatter (>= 0.0.3) + ffi (1.16.3-x64-mingw-ucrt) + gh_inspector (1.1.3) + google-apis-androidpublisher_v3 (0.54.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-core (0.11.3) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.a) + rexml + google-apis-iamcredentials_v1 (0.17.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-playcustomapp_v1 (0.13.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-storage_v1 (0.31.0) + google-apis-core (>= 0.11.0, < 2.a) + google-cloud-core (1.6.1) + google-cloud-env (>= 1.0, < 3.a) + google-cloud-errors (~> 1.0) + google-cloud-env (1.6.0) + faraday (>= 0.17.3, < 3.0) + google-cloud-errors (1.3.1) + google-cloud-storage (1.47.0) + addressable (~> 2.8) + digest-crc (~> 0.4) + google-apis-iamcredentials_v1 (~> 0.1) + google-apis-storage_v1 (~> 0.31.0) + google-cloud-core (~> 1.6) + googleauth (>= 0.16.2, < 2.a) + mini_mime (~> 1.0) + googleauth (1.8.1) + faraday (>= 0.17.3, < 3.a) + jwt (>= 1.4, < 3.0) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (>= 0.16, < 2.a) + highline (2.0.3) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient (2.8.3) + jmespath (1.6.2) + json (2.7.1) + jwt (2.7.1) + mini_magick (4.12.0) + mini_mime (1.1.5) + multi_json (1.15.0) + multipart-post (2.4.0) + nanaimo (0.3.0) + naturally (2.2.1) + optparse (0.4.0) + os (1.1.4) + plist (3.7.1) + public_suffix (5.0.4) + rake (13.1.0) + rbnacl (7.1.1) + ffi + representable (3.2.0) + declarative (< 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rexml (3.2.6) + rouge (2.0.7) + ruby2_keywords (0.0.5) + rubyzip (2.3.2) + security (0.1.3) + signet (0.18.0) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.a) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + simctl (1.6.10) + CFPropertyList + naturally + sshkey (3.0.0) + terminal-notifier (2.0.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + trailblazer-option (0.1.2) + tty-cursor (0.7.1) + tty-screen (0.8.2) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + uber (0.1.0) + unicode-display_width (2.5.0) + word_wrap (1.0.0) + xcodeproj (1.24.0) + CFPropertyList (>= 2.3.3, < 4.0) + atomos (~> 0.1.3) + claide (>= 1.0.2, < 2.0) + colored2 (~> 3.1) + nanaimo (~> 0.3.0) + rexml (~> 3.2.4) + xcpretty (0.3.0) + rouge (~> 2.0.7) + xcpretty-travis-formatter (1.0.1) + xcpretty (~> 0.2, >= 0.0.7) + +PLATFORMS + x86_64-linux + x86_64-darwin-20 + +DEPENDENCIES + fastlane + fastlane-plugin-github_action! + +BUNDLED WITH + 2.5.6 diff --git a/fastlane/Appfile b/fastlane/Appfile new file mode 100644 index 0000000000..551873451f --- /dev/null +++ b/fastlane/Appfile @@ -0,0 +1,9 @@ +for_platform :ios do + app_identifier(ENV['IOS_BUNDLE_ID']) + + apple_dev_portal_id(ENV['APPLE_DEVELOPER_EMAIL']) + itunes_connect_id(ENV['APPLE_CONNECT_EMAIL']) + + team_id(ENV['APPLE_TEAM_ID']) + itc_team_id(ENV['APPLE_TEAM_ID']) + end diff --git a/fastlane/Fastfile b/fastlane/Fastfile new file mode 100644 index 0000000000..9c336c9741 --- /dev/null +++ b/fastlane/Fastfile @@ -0,0 +1,82 @@ +org, repo = (ENV["GITHUB_REPOSITORY"]||"").split("/") +match_org, match_repo = (ENV["MATCH_REPOSITORY"]||"").split("/") + +platform :ios do + lane :init_ci do + github_action( + api_token: ENV["GH_PAT"], + org: org, + repo: repo, + match_org: match_org, + match_repo: match_repo, + writable_deploy_key: true + ) + end + + desc "Sync codesigning certificates" + lane :sync_certificates do + app_store_connect_api_key( + key_id: ENV["APPSTORE_KEY_ID"], + issuer_id: ENV["APPSTORE_ISSUER_ID"], + key_content: ENV['APPSTORE_P8'] + ) + + match( + type: "appstore", + storage_mode: "git", + git_url: "git@github.com:#{match_org}/#{match_repo}.git", + app_identifier: ENV["IOS_BUNDLE_ID"] + ) + end + + desc "Deliver a new Release build to the App Store" + lane :release do + build + upload_to_app_store + end + + desc "Deliver a new Beta build to Apple TestFlight" + lane :beta do + # Missing Export Compliance can also be set through Deliverfile + update_info_plist( + xcodeproj: "#{ENV['IOS_BUILD_PATH']}/iOS/Unity-iPhone.xcodeproj", + plist_path: 'Info.plist', + block: proc do |plist| + plist['ITSAppUsesNonExemptEncryption'] = false + end + ) + build + upload_to_testflight(skip_waiting_for_build_processing: true) + end + + desc "Create .ipa" + lane :build do + setup_ci + + sync_certificates + + # Unity has specific requirements around codesigning that we have to handle + # See https://github.com/fastlane/fastlane/discussions/17458 for context + update_code_signing_settings( + use_automatic_signing: true, + path: "#{ENV['IOS_BUILD_PATH']}/iOS/Unity-iPhone.xcodeproj" + ) + + update_code_signing_settings( + use_automatic_signing: false, + team_id: ENV["sigh_#{ENV['IOS_BUNDLE_ID']}_appstore_team-id"], + code_sign_identity: 'iPhone Distribution', + targets: 'Unity-iPhone', + path: "#{ENV['IOS_BUILD_PATH']}/iOS/Unity-iPhone.xcodeproj", + profile_name: ENV["sigh_#{ENV['IOS_BUNDLE_ID']}_appstore_profile-name"], + profile_uuid: ENV["sigh_#{ENV['IOS_BUNDLE_ID']}_appstore"] + ) + + build_app( #alias: gym + project: "#{ENV['IOS_BUILD_PATH']}/iOS/Unity-iPhone.xcodeproj", + scheme: 'Unity-iPhone', + xcargs: '-allowProvisioningUpdates' + ) + end + +end